Forums / Developer / Protecting User Register - Administration Interface.

Protecting User Register - Administration Interface.

Author Message

John Smith

Friday 27 November 2009 12:54:16 am

Hi guys,

Hope someone can help me. What is the best way to protect the following URL from public.

http://www.xxxx.com/xx_admin/user/register

I dont want to disable registration module for administration interface.

Cheers,

Damien Pobel

Friday 27 November 2009 1:11:39 pm

Hi John,

you could try to add the following lines to the site.ini.append.php file of siteaccesses where you want to disable user/register view :

[SiteAccessRules]
Rules[]
Rules[]=access;enable
Rules[]=moduleall
Rules[]=access;disable
Rules[]=module;user/register

Cheers

Damien
Planet eZ Publish.fr : http://www.planet-ezpublish.fr
Certification : http://auth.ez.no/certification/verify/372448
Publications about eZ Publish : http://pwet.fr/tags/keywords/weblog/ez_publish

John Smith

Saturday 28 November 2009 2:12:32 am

Cheers, mate, I do not want to disable the registration view, looking to protect it from certain IP addresses.

Anybody else please?

Damien Pobel

Saturday 28 November 2009 3:15:26 am

I don't think you cannot do that directly in eZ Publish without modifiying kernel/user/register.php or by writing your own view in an extension to register users.

If you use Apache, you can also set up some rewrite rules that filters the access to /user/register based on the IP.

Damien
Planet eZ Publish.fr : http://www.planet-ezpublish.fr
Certification : http://auth.ez.no/certification/verify/372448
Publications about eZ Publish : http://pwet.fr/tags/keywords/weblog/ez_publish

Sylvain Gogel

Monday 30 November 2009 2:15:12 pm

I agree with Damien, it's not something you can easily acheave at application level, but Apache rewrite rules can do.

At ezpublish you can create your own register module that will call the user/register view and add a security check before running if.

--
http://www.ecedi.fr
Agence Web, Créa/Conseils, Accessibilité
eZPublish, Drupal, Zend, Symfony

John Smith

Tuesday 08 December 2009 4:21:13 am

So this means, there is no way we can protect the following URL from Anonymous Users in out of the box solution.

http://www.xxx.com/xx_admin/user/register

Anyone can register if you know the URL...

EzCrew any possible quick solution?

Gaetano Giunta

Tuesday 08 December 2009 7:29:43 am

it's about roles and policies - to block anon user registration you will have to alter some settings in an override of sinte.ini.

Search for this text in the default site.ini for more details:

 # A list of module or module/views that don't require user login
AnonymousAccessList[]

Principal Consultant International Business
Member of the Community Project Board